The breaches of the infidelity-focused online dating service Ashley Madison and toymaker VTech illustrate just how bad the data-breach epidemic got in 2015.

"What those breaches have in common is they exposed information, including people's personal data, in perhaps unexpected and alarming ways,"DataBreachToday Executive Editor Mathew J. Schwartz says in a year-end audio blog (click player below image to listen). Plus, the organizations storing the information apparently failed to adequately secure it in the first place.

In the blog, Schwartz also:

Explains how Ashley Madison's marketing suggested that clients' personal information would be secure, even though it wasn't;

Analyzes the approach VTech took to secure data that raises questions about the security of all of its Internet-tied products aimed at children; and

Asks what else regulators or legislators should be doing to close the gap between how products are marketed, and how they actually perform, from a security standpoint.

"The big takeaway is ... don't assume anything is secure until proven otherwise," Schwartz says. "Anything that is Internet-connected, don't trust it without guarantees."